Re: chrooting a program not designed to be chrooted
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: chrooting a program not designed to be chrooted
- From: Henning Brauer <lists-openbsd_(_at_)_bsws_(_dot_)_de>
- Date: Fri, 24 Jan 2003 09:11:08 +0100
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
On Thu, Jan 23, 2003 at 07:17:09PM -0000, Dom De Vitto wrote:
> If you go back to basics being root just to bind to <1024 is daft.
> Just bind to a non-priv port, as a non-priv user in a chroot jail,
> then NAT traffic to the priv port to the unpriv one & vice versa.
no, bind to the port before you chroot & drop privs.
Unix is very simple, but it takes a genius to understand the simplicity.